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AMENDMENTS TO THE CLAIMS 



CLAIMS (clean copy) 

1 . (currently amended) A distributed subscriber management method for controlling user 
authentication at an access control node located between a plurality of user networks and an 
access network, the access network being connected to plurality of ISP (Internet service 
Provider) networks, the method comprising the steps of: 

(a) receiving, at the access control node, which is operatively 
connected to the plurality of user networks, a data imit from a user located on one of the 
plurality of user networks for accessing at least one of the plurality of ISP networks connected 
to the access network; 

(b) determining whether the data unit requires authentication for 
accessing said at least one of the pliuBlity of ISP networks; 

(c) if the data unit requires authentication, determining whether 
authentication data for said at least one of the plurality of ISP networks is locally stored in a 
local authorization table on the access control node, 

(d) if the authentication data is locally stored in the local 
authorization table on the access control node, authenticating the data imit, thus preventing 
unnecessary traffic interchange between the access network, the plurality of ISP networks, and 
the plurality of user networks; 

(e) if the authentication data is not locally stored in the local 
authorization table on the access control node, determining whether the data unit is eligible for 
transmission to said at least one of the plurality of ISP networks ; and 

(f) if the data unit is eligible for transmission, transmitting said data 
unit from the access control node to said at least one of the plurality of ISP networks . 

2. (currently amended) The distributed subscriber management method as claimed in claim 
1, wherein the step (d) includes interrogating the user for access information to the plurality of 
ISP networks. 
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3. (currently amended) The distributed subscriber management method as claimed in claim 
1, wherein the step (f) comprises receiving, at the access control node, an authentication 
message for said data unit from the at least one of the plurality of ISP networks to permit the 

5 user to access said ISP network. 

4. (canceled) 

5. (ciurently amended) The distributed subscriber management method as claimed in claim 
10 2, further including encrypting the access information at the access control node prior to 

transmitting the access information to said at least one of the plurality of ISP networks. 



6. (currently amended) The distributed subscriber management method as claimed in claim 
15 3, wherein the step of receiving, at the access control node, the authentication message for said 
data unit comprises storing authenticated data unit in the local authorization table on the 
access control node; and wherein the local authorization table comprises the authenticated data 
for the plurality of ISP networks. 

20 7. (original) The distributed subscriber management method as claimed in claim 

6, wherein the step (b) comprises searching the authenticated data units stored in the local 
authorization table on the access control node. 

8. (currently amended) The distributed subscriber management method as claimed in claim 3, 
2 5 wherein the step (f) comprises communicating with the plurality of ISP networks by employing 
one or more of standard authentication protocols selected from the list consisting of remote 
authentication dial-in user service protocol, password authentication protocol, challenge 
handshake authentication protocol, and terminal access controller access control system 
protocol. 



30 



13 May 2005 



BEST AVAIUBLE COPT 

4/15 TR-Q53-US 



9. (original) The distributed subscriber management method as claimed in claim 1, wherein the 
step (d) comprises employing one or more of standard authentication protocols selected from 
the list consisting of remote authentication dial-in user service protocol, password 
authentication protocol, challenge handshake authentication protocol, and terminal access 

5 controller access control system protocol at the access control node. 

10. (original) The distributed subscriber management method as claimed in claim 
3, wherein the step (f) further includes packet-labeling of the data unit. 

10 11. (original) The distributed subscriber management method as claimed in claim 

6, wherein the step of receiving the authentication message further includes determining the 
contents of the authentication message at the access control node. 

12. (original) The distributed subscriber management method as claimed in claim 

15 1, wherein the step (e) comprises examining the content of the authenticated data unit at the 
access control node. 

14. (original) The distributed subscriber management method as claimed in claim 
1, further including collecting statistical usage information at the access node. 

20 

15. (currently amended) An integrated access device, for placement between a user network 
and plurality of ISP networks, the integrated access device comprising: 

(i) a user network interface for operatively connecting to plurality of 
user networks to receive data units from the plurality of user networks; 
2 5 (ii) an authentication agent, operatively connected to the user network 

interface for locally authenticating, authorizing, and forwarding data units received from the 
plurality of user networks; 

(iii) an external network interface, operatively connected to the 
authentication agent, for forwarding data units locally authorized by the authentication agent to 
30 at least one of the plurality of ISP networks; and 

(iv) means for communicating with said plurality of ISP networks. 
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16. (original) An integrated access device as claimed in claim 15, wherein the user 
network interface includes a plurality of ingress cards and the external network interface 

5 includes an egress card. 

17. (ciurently amended) An integrated access device as claimed in claim 15, wherein the 
authentication agent includes a local authorization table for authorizing data imits for said 
plurality of ISP networks. 

10 

18. (original) An integrated access device as claimed in claim 15, wherein the 
authentication agent includes network address assignment and release means. 

19. (original) An integrated access device as claimed in claim 15, further including 
1 5 service level enforcing means, network resource management means, means for statistical 

usage collection, and alarm monitoring means. 

20. (currently amended) An integrated access device as claimed in claim 17, wherein the 
means for communicating with the plurality of ISP networks comprises: 

20 (p) means for determining whether the data unit is eligible for 

transmission from the access control node to at least one of the plurality of ISP networks; 

(q) means for transmitting the data unit from the access control node 
to the plurality of ISP networks; 

(r) means for receiving, at the access control node, an authentication 
2 5 message for said data unit from at least one of said plurality of ISP networks to permit the user 
to access said ISP network; and 

(s) means for storing authenticated data units for said plurality of ISP 
networks in a local authorization table on the access control node. 
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2 1 . (currently amended) An integrated access device as claimed in claim 1 5, wherein the 
authentication agent employs a password authentication protocol. 
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22. (currently amended) An integrated access device as claimed in claim 15, wherein the 
authentication agent employs a challenge handshake authentication protocol. 

5 23. (original) An integrated access device as claimed in claim 15, wherein the 

authentication agent includes a terminal access controller access control system. 

24. (currently amended) An integrated access device as claimed in claim 15, wherein the 
authentication agent employs a remote authentication dial-in user service protocol. 

10 

25. (currently amended) An access control node, for placement between plurality of user 
networks and plurality of ISP networks, the access control node comprises the integrated access 
device claimed in claim 15. 
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